* [BUG] Misplaced quote in %d printf format crashes Zsh
From: Philippe Altherr @ 2024-06-08 21:12 UTC (permalink / raw)
To: Zsh hackers list
On macOS 14.5 running Zsh 5.9, the following command crashes Zsh:
% zsh -c "printf -v result \" %5'd\""
zsh:printf:1: %5': invalid directive
zsh(41890,0x7ff8450ddfc0) malloc: *** error for object 0x600002c811e0:
pointer being realloc'd was not allocated
zsh(41890,0x7ff8450ddfc0) malloc: *** set a breakpoint in
malloc_error_break to debug
zsh: abort zsh -c "printf -v result \" %5'd\""
Surprisingly, dropping the -v option, removing the space before the %, or
adding an echo command after the printf command avoid the crash:
% zsh -c "printf \" %5'd\""
zsh:printf:1: %5': invalid directive
*%*
% zsh -c "printf -v result \"%5'd\""
zsh:printf:1: %5': invalid directive
% zsh -c "printf -v result \" %5'd\"; echo foo"
zsh:printf:1: %5': invalid directive
foo
Philippe
* Re: [BUG] Misplaced quote in %d printf format crashes Zsh
From: Mark J. Reed @ 2024-06-08 23:04 UTC (permalink / raw)
To: Zsh hackers list
I'm away from my Mac at the moment, but FWIW, the crash does not appear to
happen on Windows (MSYS64):
*(0)> printf -v result " %5'd"*
*printf: %5': invalid directive*
*(1)> $0 --version*
*zsh 5.9 (x86_64-pc-msys)*
On Sat, Jun 8, 2024 at 5:13 PM Philippe Altherr <philippe.altherr@gmail.com>
wrote:
> On macOS 14.5 running Zsh 5.9, the following command crashes Zsh:
>
> % zsh -c "printf -v result \" %5'd\""
>
> zsh:printf:1: %5': invalid directive
>
> zsh(41890,0x7ff8450ddfc0) malloc: *** error for object 0x600002c811e0:
> pointer being realloc'd was not allocated
>
> zsh(41890,0x7ff8450ddfc0) malloc: *** set a breakpoint in
> malloc_error_break to debug
>
> zsh: abort zsh -c "printf -v result \" %5'd\""
>
> Surprisingly, dropping the -v option, removing the space before the %, or
> adding an echo command after the printf command avoid the crash:
>
> % zsh -c "printf \" %5'd\""
>
> zsh:printf:1: %5': invalid directive
>
> *%*
>
> % zsh -c "printf -v result \"%5'd\""
>
> zsh:printf:1: %5': invalid directive
>
> % zsh -c "printf -v result \" %5'd\"; echo foo"
>
> zsh:printf:1: %5': invalid directive
>
> foo
>
> Philippe
>
>
--
Mark J. Reed <markjreed@gmail.com>
* Re: [BUG] Misplaced quote in %d printf format crashes Zsh
From: Mark J. Reed @ 2024-06-09 0:23 UTC (permalink / raw)
To: Zsh hackers list
Duplicated on my Macs; /bin/zsh (5.9) exhibits the crash on both x86_64 and
ARM (M2).
My locally-built 5.9.0.1-dev does not exhibit the symptom. To see if it was
a build thing or the result of a code change, I checked out the zsh-5.9 tag
and built that... and it also did not crash. So it seems to be something
about Apple's build environment.
On Sat, Jun 8, 2024 at 7:04 PM Mark J. Reed <markjreed@gmail.com> wrote:
> I'm away from my Mac at the moment, but FWIW, the crash does not appear to
> happen on Windows (MSYS64):
>
> *(0)> printf -v result " %5'd"*
> *printf: %5': invalid directive*
> *(1)> $0 --version*
> *zsh 5.9 (x86_64-pc-msys)*
>
>
> On Sat, Jun 8, 2024 at 5:13 PM Philippe Altherr <
> philippe.altherr@gmail.com> wrote:
>
>> On macOS 14.5 running Zsh 5.9, the following command crashes Zsh:
>>
>> % zsh -c "printf -v result \" %5'd\""
>>
>> zsh:printf:1: %5': invalid directive
>>
>> zsh(41890,0x7ff8450ddfc0) malloc: *** error for object 0x600002c811e0:
>> pointer being realloc'd was not allocated
>>
>> zsh(41890,0x7ff8450ddfc0) malloc: *** set a breakpoint in
>> malloc_error_break to debug
>>
>> zsh: abort zsh -c "printf -v result \" %5'd\""
>>
>> Surprisingly, dropping the -v option, removing the space before the %,
>> or adding an echo command after the printf command avoid the crash:
>>
>> % zsh -c "printf \" %5'd\""
>>
>> zsh:printf:1: %5': invalid directive
>>
>> *%*
>>
>> % zsh -c "printf -v result \"%5'd\""
>>
>> zsh:printf:1: %5': invalid directive
>>
>> % zsh -c "printf -v result \" %5'd\"; echo foo"
>>
>> zsh:printf:1: %5': invalid directive
>>
>> foo
>>
>> Philippe
>>
>>
>
> --
> Mark J. Reed <markjreed@gmail.com>
>
--
Mark J. Reed <markjreed@gmail.com>
* Re: [BUG] Misplaced quote in %d printf format crashes Zsh
From: Jun T @ 2024-06-11 2:24 UTC (permalink / raw)
To: zsh-workers
> 2024/06/09 9:23, Mark J. Reed <markjreed@gmail.com> wrote:
>
> Duplicated on my Macs; /bin/zsh (5.9) exhibits the crash on both x86_64 and ARM (M2).
>
> My locally-built 5.9.0.1-dev does not exhibit the symptom. To see if it was a build thing or the result of a code change, I checked out the zsh-5.9 tag and built that... and it also did not crash. So it seems to be something about Apple's build environment.
Which version of macOS are you using?
I tested on Ventura (13.6.3) and got the same crash with my local build
of both zsh-5.9 and the current git HEAD.
Valgrind (on Linux) tells me that the memory allocated at line 4877 in
builtin.c is lost:
ASSIGN_MSTREAM(buf,fout);
free(buf) _is_ called at line 5863, but it seems we need fclose(fout)
before freeing the memory. But the macro CLOSE_CLEANLY(fout) does not close
fout since CLOSE_FOUT() does nothing if HAVE_OPEN_MEMSTREAM is defined.
As the comment /* Why do we care about a clean close here? */ suggests,
I guess we can simply close fout if it is not stdout, just like lines
5228, 5265, 5299.
diff --git a/Src/builtin.c b/Src/builtin.c
index 7bfb1ce1d..cd0ee7522 100644
--- a/Src/builtin.c
+++ b/Src/builtin.c
@@ -5455,9 +5455,8 @@ bin_print(char *name, char **args, Options ops, int func)
}
zwarnnam(name, "%s: invalid directive", start);
if (*c) c[1] = save;
- /* Why do we care about a clean close here? */
- if (!CLOSE_CLEANLY(fout))
- zwarnnam(name, "write error: %e", errno);
+ if (fout != stdout)
+ fclose(fout);
#ifdef HAVE_OPEN_MEMSTREAM
if (buf)
free(buf);
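Review bot: the new "if (fout != stdout) fclose(fout);" in the invalid-directive branch carries no comment saying why the close has to come before the free(buf) that follows, and the comment it replaces was the only hint that this spot is delicate. A one-line comment stating that the memstream must be closed before its buffer is freed would keep the ordering from being undone later. The fclose() result is also ignored where the old code reported "write error: %e"; that is reasonable on a path that has already warned about the invalid directive, but it is worth saying so in the commit message.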
--
Jun
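
The ordering described in the message above (close the memory stream, then free its buffer), shown as an added stand-alone example; it is not code from zsh or from anyone in this thread. format_to_string() and its "reject" flag are hypothetical stand-ins for a printf -v style builtin that hits an invalid directive after some output has already been written.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not zsh code): write prefix and a %5d field into a
 * memory stream and return the resulting string, or NULL on error.
 * reject != 0 simulates an invalid directive found after the prefix
 * has already been written to the stream. */
char *format_to_string(const char *prefix, int value, int reject)
{
    char *buf = NULL;
    size_t len = 0;
    FILE *fout = open_memstream(&buf, &len);

    if (!fout)
        return NULL;

    fputs(prefix, fout);        /* output emitted before the bad directive */

    if (reject) {
        /* Error path: the stream still manages buf until it is closed,
         * so close first and free only afterwards. */
        fclose(fout);
        free(buf);
        return NULL;
    }

    fprintf(fout, "%5d", value);

    /* buf and len are only guaranteed current after fflush() or fclose(). */
    if (fclose(fout) != 0) {
        free(buf);
        return NULL;
    }
    return buf;                 /* caller owns and frees the string */
}

int main(void)
{
    char *s = format_to_string(" ", 42, 0);   /* constructed sample input */

    printf("[%s]\n", s ? s : "(null)");
    free(s);
    return format_to_string(" ", 42, 1) == NULL ? 0 : 1;
}
```

Running the rejected case under Valgrind or AddressSanitizer with the fclose() call removed is a quick way to see the kind of report quoted in this thread.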